• Journal of Navigation and Port Research
• /
• v.36 no.1
• /
• pp.9-14
• /
• 2012

Maritime security incidents by pirates and by terrorists increase, but maritime incidents investigation models are limited to figure out the maritime security incidents. This paper provides the analysis model for maritime security incidents. To develop this analysis model, this categorizes five threat factors, the ship, the cargo type, port system, human factor, information flow system, makes the risk assessment matrix to quantify the risk related to threat factors and classifies four priority categories of risk assessment matrix. Also, this model makes from the frameworks which include a variety of security initiatives implementing in stakeholder levels like international organizations, individual governments, shipping companies, and the ship. Therefore, this paper develops the Analysis for Maritime Security Management model based on various security initiatives responding to the stakeholder levels of maritime security management and top-bottom/bottom-up decision trees, and shows the validity through verifying the real maritime security incident of M/V Petro Ranger.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.229-239
• /
• 2018

This paper analyzes the problems of existing CCTV and discusses cyber security problems of IP-CCTV in cloud computing environment. In order to reduce the risk of simply removing the risk associated with the provision of cloud services, the risk analysis and counter-measures need to be carried out effectively. Therefore, the STRIDE model as the Threat Risk Modeling is used to analyze the risk factors, and Analytic Hierarchy Process(AHP) is used to measure risk priorities based on the analyzed threats.

• Journal of the Korean Data and Information Science Society
• /
• v.22 no.2
• /
• pp.207-215
• /
• 2011

This Risk analysis on information related assets is conducted primarily according to the standards the Korea Information and Telecommunications Technology Association (TTA) or the International Organization for Standardization (ISO). The process is made of asset analysis, threat analysis, vulnerability analysis, and response plan analysis. The risk for information related assets belongs to the operational risks suggested by BIS (Bank for International Settlements) and the information related losses can be estimated in terms of BIS' suggestion. In this paper it is proposed that how to apply the method proposed by BIS to estimate the loss of information assets.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.79-101
• /
• 2012

This study expands the current body of research by exploring multiple scenarios of insufficient and excessive IT security investments caused by interdependent risks and the interplay between IT security investments and cyber insurance. A key finding is that organizations experiencing interdependent risks with different types of cyber attacks (i.e., targeted and untargeted attacks) use different strategies in making IT security investment decisions and in purchasing cyber insurance policies for their information security risk management than firms that are facing independent risks. The study further provides an economic rationale for employing insurance mechanisms as a risk management solution for information security.

• Journal of Multimedia Information System
• /
• v.8 no.4
• /
• pp.259-266
• /
• 2021

Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage their risk levels posed by those vulnerabilities, so that they could mitigate the potential security bridges in advance. In general, security vulnerabilities are discovered throughout their life cycles repeatedly if software systems are continually used. Hence, in this study, we empirically analyze risk levels for the three major graphical design software systems, namely Photoshop, Illustrator and GIMP with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for successful attacks, which suggests that adding an authentication process in software systems dramatically reduce the probability of exploitations. The analysis also discloses that, for all the three software systems, the predictions with evenly distributed and daily based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome from the analysis allows software development managers to prepare proactively for a hostile environment by deploying necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of security risk, related to their digital work environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.2
• /
• pp.101-111
• /
• 2004

Risk analysis process, which identifies vulnerabilities and threat causes of network assets and evaluates expected loss when some of network assets are damaged, is essential for diagnosing ISP network security levels and response planning. However, most existing risk analysis systems provide only methodological analysis procedures, and they can not reflect continually changing vulnerabilities and threats information of individual network system on real time. For this reason, this paper suggests new system design methodology which shows a scheme to collects and analyzes data from network intrusion detection system and vulnerability analysis system and estimate quantitative risk levels. Additionally, experimental performance of proposed system is shown.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1261-1266
• /
• 2021

Existing information security risk assessment methods focus on evaluating the vulnerability of information assets. However, when the form of information assets changes and new types of information assets emerge, there is a limitation in that the evaluation standards for them are also added or deleted. Existing methods have insufficient research on the path through which cyber threats are introduced. In particular, there is very little research on blocking the inflow path for web-based information systems with public IPs. Therefore, this paper introduces the main research contents of the BDLA (Blockade and Defense Level Analysis)-based information security risk assessment model. In addition, by applying the BDLA-based information security risk assessment model, the information security risk level was studied by measuring the blockade level and security equipment level of 17 public institutions.

• The KIPS Transactions:PartD
• /
• v.17D no.3
• /
• pp.223-232
• /
• 2010

This study was carried out for the purpose of inquiring into the effect of composition and security activities for information security architecture on information asset protection and organizational performance in terms of general information security. This study made a survey on 300 workers in the government, public institutions and private companies, which it showed that management factors of risk identification and risk analysis, in general, have an usefulness to composition and security activities for information security architecture to prevent inside information leakage. And the understanding and training factors of IT architecture and its component were rejected, requiring the limited composition and security activities for information security architecture. In other words, from the reality, which most institutions and organizations are introducing and operating the information security architecture, and restrictively carrying out the training in this, the training for a new understanding of architecture and its component as an independent variable made so much importance, or it did not greatly contribute to the control or management activities for information security as the generalized process, but strict security activities through the generalization of risk identification and risk analysis management had a so much big effect on the significant organizational performance.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.67-75
• /
• 2002

The purpose of this study is to reflect the risk analysis results acquired while building an information system of an organization by applying a risk analysis model capable of analyzing the confronted risk, on the information system build methodology. Risk analysis, a method of utilizing the functional relation between risk, vulnerability and countermeasure of information assets, is used to evaluate the overall information risk level by analyzing the influence range of vulnerability imposed in the information asset of an organization, and the applications of the countermeasures on the frequency and intensity of the corresponding risk.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.303-315
• /
• 1994